PT-2022-17007 · Unknown · Eternal Terminal
Adi-Ajit · Published 2022-08-16 · Updated 2024-06-15 · CVE-2022-24950
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Eternal Terminal versions prior to 6.2.0
Description
A race condition exists in the software that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to log in to other systems as the targeted users. The bug is in the getInfoForId() function of UserTerminalRouter.
Recommendations
For versions prior to 6.2.0, update to version 6.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the UserTerminalRouter::getInfoForId() function until a patch is available.
Exploit
Fix
Race Condition
Weakness Enumeration
Related Identifiers
Affected Products
Eternal Terminal